Additional Features
Support for the following features has been extended to these platforms.
-
BGP, OSPF, and OSPFv3 authentication and encryption using manual IPsec SA (MX240, MX480, and MX960 with MX-SPC3, SRX Series devices and vSRX running iked process). OSPF for IPv6, also known as OSPF version 3 (OSPFv3), does not have built-in authentication to ensure that routing packets are not altered and re-sent to the router. Starting in Junos OS Release 22.2R1, you can use IPsec to encrypt and secure BGP, OSPF, and OSPFv3 packets.
To configure IPsec for BGP, OSPF, and OSPFv3, define a security association (SA) with the
security-association sa-name
configuration option at the[edit security ipsec]
hierarchy level for both MX Series and SRX Series platforms. You then apply the configured SA to the BGP, OSPF, and OSPFv3 configurations.[See security-association.]
To view the configured IPsec SAs for BGP, OSPF, and OSPFv3:
- On MX240, MX480, and MX960 with MX-SPC3,
and on
SRX
Series
devices and vSRX running
the
iked process, use the
show security ipsec control-plane-security-associations
command.[See show security ipsec control-plane-security-associations.]
- On MX240, MX480, and MX960 routers with MS-MPC/MS-MIC, use the
show ipsec security-associations
command. - On SRX Series devices running
the
kmd process, use the
show security ipsec security-associations
command.
Note:We do not support this feature with BGP, OSPF, and OSPFv3 over the secure tunnel (st0) interface.
[See Understanding OSPFv3 Authentication, Using IPsec to Secure OSPFv3 Networks (CLI Procedure), and Example: Configuring IPsec Authentication for an OSPF Interface.]
- On MX240, MX480, and MX960 with MX-SPC3,
and on
SRX
Series
devices and vSRX running
the
iked process, use the
-
Collect ON_CHANGE BGP RIB telemetry statistics and BGP neighbor telemetry with sharding (MX Series, PTX Series and QFX Series)
[See Telemetry Sensor Explorer.]
-
Lightweight PE-CE Loop Detection on EVPN-VXLAN Fabrics (EX4400-48MP, EX4400-48P, EX9200, MX240, MX480, MX960, and MX10003)
-
Layer 2 Protocol Tunneling (L2PT) (MX240, MX480, and MX960 with MPC10E-15C-MRATE and MPC10E-10C-MRATE; MX2010 and MX2020 with MX2K-MPC11E)
[See Layer 2 Protocol Tunneling.]
-
Support for EVPN-VPWS (MX240, MX480, MX960, MX2010, and MX2020 with MPC10E line card)—We’ve extended support for EVPN-VPWS to the listed platforms as follows:
-
EVPN-VPWS with single-active or all-active multihoming capabilities and inter-autonomous system (AS) options associated with BGP-signaled VPNs.
-
EVPN VPWS with Pseudowire Headend Termination (PWHT) on Layer 3 VPN with single-active or all-active multihoming.
-
EVPN VPWS with PWHT on VPLS with single-active multihoming.
EVPN VPWS with flexible cross connect (FXC) is not supported on the listed platforms in Junos OS Release 22.2R1.
[See Overview of VPWS with EVPN Signaling Mechanisms and Overview of Headend Termination for EVPN VPWS.]
-
-
Support for flexible tunnel interfaces (MX304, MX10008, and MX10016)
-
Support for Routing-Engine-based traffic sampling (MX10K-LC9600 line card)
[See Configuring Traffic Sampling on MX, M and T Series Routers.]
-
Supported transceivers, optical interfaces, and DAC cables Select your product in the Hardware Compatibility Tool to view supported transceivers, optical interfaces, and DAC cables for your platform or interface module. We update the HCT and provide the first supported release information when the optic becomes available.
-
Symmetric integrated routing and bridging (IRB) with EVPN Type 2 routes (EX4400, EX4650, EX9204, EX9208, EX9214, MX Series, vMX, QFX5110, QFX5120, QFX10002, QFX10002-60C, QFX10008, and QFX10016). We support this feature only with MAC-VRF EVPN routing instance configurations and MAC-VRF service types
vlan-based
andvlan-aware
. [See Symmetric Integrated Routing and Bridging with EVPN Type 2 Routes in EVPN-VXLAN Fabrics and irb-symmetric-routing.]